CVE-2012-4027 - Wed Tunneloflove

Description

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images nav and px folders by leveraging incorrect permissions as demonstrated by reading the config.bog file.

Reference

https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html